Most Recent Blogs

The Security Skills Shortage Is Worse Than You Think

Posted: August 30, 2012   /   By: Jon Oltsik   /   Tags: IBM, Cloud Computing, Check Point, Palo Alto Networks, Private Cloud Infrastructure, Information and Risk Management, Sourcefire, HP, Dell, McAfee, Security and Privacy, BYOD, Raytheon, Lockheed Martin, trend micro, Symantec, saic, CSC, BT, Verizon, Unisys, Server Virtualization, security skills, Public Cloud Service

I’ve written a lot about the security skills shortage but it is worth reviewing a bit of data here for context. According to ESG Research, 55% of enterprise organizations (i.e., those with more than 1,000 employees) plan to hire additional security professionals in 2012 but they are extremely hard to find. In fact, 83% of enterprises claim that it is “extremely difficult” or “somewhat difficult” to recruit and/or hire security professionals in the current market.

Given this data, it is fair to assume that many IT security organizations are short-staffed and pushing the security team to its limits. As if this wasn’t bad enough, ESG data also points to 3 trends that exacerbate the security skills shortage, further impacting the effectiveness of the precious few security personnel in place:

  1. Critical skills deficits. Along with the shortage of staff, many organizations report that their security staff lacks skills in critical areas such as network security, cloud computing/server virtualization security, mobile device security, and security analysis/forensics.
  2. Security staff time management. Large organizations indicate that one of their biggest problems is that their security professionals spend an inordinate amount of their time putting out fires. This limits the time for other more proactive security activities.
  3. Security tools complexity and lack of automation. Security vendors built tools rich in feature/functionality and designed for customization. Unfortunately, many large organizations don’t have the time or staff necessary to fine-tune them or develop expertise in their use.

Information Security: A Sobering Topic at VMworld

Posted: August 22, 2012   /   By: Jon Oltsik   /   Tags: Cloud Computing, Microsoft, VMware, Private Cloud Infrastructure, Information and Risk Management, Security and Privacy, VMworld, Citrix, SANS, ISC2, CISO, Server Virtualization, IT skills, security skills, Public Cloud Service

The technology industry is about to come together next week for VMworld in San Francisco. In the span of a few short years, this show has become a real showcase of the latest and greatest IT technology and industry vision. At VMware, every company wants its IT department to look like Amazon, Google, or Zynga, running applications on fully-automated and orchestrated cloud computing platforms, and easily managing thousands of servers and petabytes of data across multiple data centers.


Security Services Continue to Grow -- In the Enterprise

Posted: June 27, 2012   /   By: Jon Oltsik   /   Tags: IBM, Cloud Computing, EMC, Private Cloud Infrastructure, Information and Risk Management, HP, Security and Privacy, Security, SIEM, Symantec, RSA, CISO, CSC, BT, mssp, Verizon, Unisys, security services, venture capital, Server Virtualization, security skills, Public Cloud Service

In my last blog, I presented some data about the extremely critical but often ignored security skills shortage. While 55% of enterprise organizations (i.e., more than 1,000 employees) plan to add information security headcount this year, 83% say it is "extremely difficult" or "somewhat difficult" to recruit and hire these folks.


More On The Security Skills Shortage Issue

Posted: June 21, 2012   /   By: Jon Oltsik   /   Tags: Information Security, Cloud Computing, Network Security, Cybersecurity, End-User Computing, Endpoint & Application Virtualization, IT Infrastructure, Private Cloud Infrastructure, Networking, Information and Risk Management, mobile, Security and Privacy, BYOD, endpoint security, DHS, Symantec, federal government, nsa, security analytics, DoD, security skills, cloud security

I frequently peruse information security news, and recently came across this article. The article highlights Symantec CEO Enrique Salem's warning of a shortage of talented cybersecurity professionals in the United States. Furthermore, this shortage is especially pronounced where it may be needed most -- law enforcement, intelligence agencies, and the Department of Defense.


RSA Conference 2012 Observations Part II

Posted: March 07, 2012   /   By: Jon Oltsik   /   Tags: IBM, Check Point, Palo Alto Networks, Fortinet, Cisco, Information and Risk Management, Sourcefire, McAfee, Security and Privacy, Juniper Networks, trend micro, Symantec, F5, Firewall, Anti-malware, crossbeam systems, security skills, SonicWall

I missed the keynotes at RSA as I was buried with wall-to-wall meetings from the time I arrived on Monday through Thursday evening. Nevertheless, I had a chance to speak with a lot of security industry insiders and IT security professionals during my time at RSA. Building on my previous blog, here are a few additional take-aways:


Information Security Budgets Will Increase in 2012

Posted: January 24, 2012   /   By: Jon Oltsik   /   Tags: IBM, Network Security, Check Point, Cisco, Information and Risk Management, Juniper, Sourcefire, FireEye, HP, McAfee, Security and Privacy, SIEM, Symantec, ISC2, Damballa, Unisys, security skills, IT, security spending

As part of our annual IT Spending Intentions survey, ESG asks IT professionals about overall spending trends for the coming year. Our 2012 IT Spending Intentions survey is set to be published soon, and I got a peek at the data recently. Like other analyst firms, ESG found that IT budgets will increase in 2012, albeit at a modest rate.


Information Security Skills Shortage Continues

Posted: January 19, 2012   /   By: Jon Oltsik   /   Tags: Information Security, Cybersecurity, Information and Risk Management, Security and Privacy, federal government, ISC2, NIST, security services, CISSP, security skills, cloud security

Like other analyst firms, ESG conducts research on IT Spending Intentions annually. The latest 2012 report will be published soon, but in the meantime, I've taken a look at the data that will be included. One of the things we track is IT hiring plans in all areas including IT security.

